Senior Director, Information Technology - Security Operations

Performance Food Group is a customer-centric foodservice distribution leader headquartered in Richmond, Va. Grounded by roots that date back to a grocery peddler in 1885, PFG has a nationwide network of approximately 150 distribution centers, 35,000-plus talented associates, and thousands of valued suppliers across the country. With the goal of helping customers thrive, PFG markets and delivers quality food and related products to independent and chain restaurants, schools, business and industry locations, convenience operations, healthcare facilities, vending distributors, office coffee service distributors, big box retailers, and theaters across the U.S.

We Deliver the Goods:

• Competitive pay and benefits, including Day 1 Health & Wellness Benefits, Employee Stock Purchase Plan, 401K Employer Matching, Education Assistance, Paid Time Off, and much more
• Growth opportunities performing essential work to support Americas food distribution system
• Safe and inclusive working environment, including culture of rewards, recognition, and respect

Performance Food Group is looking for a talented Security Operations professional to lead PFG's Security Operations team. Reporting to the Chief Information Security Officer, this individual will oversee all aspects of PFG's security monitoring, detection, response, and vulnerability & exposure management disciplines. The leader will be responsible for directly managing a team of internal Security Operations team members and oversee various third party Managed Security Service and professional services providers, as well as leading matrixed and cross functional information technology and line of business delivery and incident specific response teams in readiness preparation and response to incidents. The successful candidate will have an insaciable passion for finding weaknesses in systems and monitoring for threats against them, keeping pace with and adapting to evolving threats, and leading PFG's response to anything that threatens company data and systems, as well as customer, vendor, and associate data.

• Work with Security Engineering and Administration and Cloud Services Teams residing in PFG's Enterprise Technology Services department to oversee their implementation and management of security related capabilities; Access Control, Directory Services, NetSecOps - Firewall, IDS/IPS, Endpoint Protection, Email Threat Protection, Web Application Firewall, Microsegmentation/Workload Protection capabilities.
• Lead and directly manage PFG's Red Team and Blue Team units, which focus on offensive (e.g. penetration testing, vulnerability scanning) and defensive (monitoring, triage, response) security operations
• Manage and mentor and mentor internally staffed security analysts and oversee outsourced managed security service providers including 24/7 Security Operations Center Level 1 monitoring services, and provider's implementation, enhancement, and support of Security Incident and Event Mangement (SIEM) and Security Orchastration and Automated Response (SOAR) capabilities. Manage vendor relationships, contract, service level agreements, and reporting.
• Establish key metrics and reporting associated with Security Operations, including the definition of metrics, acceptance tolerances, and reporting/performance against established objectives Lead PFG's security education and awareness and insider threat programs, including computer based training, mock phishing, threat advisory communications disciplines
• Own, manage, and update PFG's Security Incident Response Plan and associated readiness of its application, developing and incorporating playbooks and runbooks for tactical, scenario specific security event and incident management. Facilitate directly or commission the execution of pre-incident readiness excercises, from tabletop excercises with technology teams and IT/business leadership, to purple team technical exercises that replicate real world attack scenarios and real time response.
• Oversee daily security event triage, serve as Major Incident Manager during notable incidents, and support workforce investigations attributed to HR, legal matters and violations of company polices. Ensure all notable security incidents follow security incident lifecycle stages, including post mortems, and inform needed continuous improvement in prevention, detection, and response capabilities
• Work with other external stakeholders and scenario specific participants to PFG's Security Incident Response plan, including law enforcement, retained Security Incident Response provider, cyber insurance carriers/brokers, legal, privacy, and public relations, crisis management, and forensics suppliers
• Maintains future Security Operations strategy, contributing as a component to PFG's rolling 3 year Information Security Strategy.
• Contributes to infrastructure and application architecture standards, and provides a feedback loop of needed improvements to SecOps team members, outsourced Managed Security Service Providers, infrastructure and application teams, that foster improvements in system vulnerabilities/exposure and PFG's ability to detect and respond to cyber threats.
• Performs other related duties as assigned.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.